I have about six years of experience in security, which includes perimeter security implementations, antivirus implementations and IDS implementations. I have several vendor security certifications from Symantec, Checkpoint and Sniffer. I also have vendor-neutral certs like CISSP.
I want to specialize in security auditing and would like to know if you think the BS 7799 cert from the British Standards Institute would help?
The BS 7799 has been upplanted by ISO 17799, though the latter owes most of its content and coverage to the former. Certainly this kind of certification will help to sharpen your auditing skills, but you may also want to consider obtaining a CISA (Certified Information Systems Auditor; see www.isaca.org for more information). At present, I can't find any information about certification programs for IT professionals that target ISO 17799 specifically (see for example this discussion). That's why I recommend the other program.
Right now, it looks like companies or organizations can try to get ISO 17799 certified, but as yet, I see no individual training or certification programs that attempt to credential individuals as "ISO 17799 practitioners" or whatever the correct nomenclature might be.
Careers and Certification Tip: The vendor-neutral security certification landscape
News & Analysis: Audits confirm enterprise security
Featured Topic: Fearless auditing
This was first published in October 2002